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Exam C 

QUESTION 1 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Windows Service application that will be used on a multiprocessor 

system. 

You are writing code for a class that contains globally accessible Integer variable named Testcounter. 

The value of the Testcounter will be incremented of decremented from other classes running in separate 

threads. 

You are required to provide atomic and non-blocking updates for the Testcounter whilst your solution provides 

the best performance. 

What should you do? 



A. 

B. The Overlapped class should be used 

C. The SynchronizationContext class should be used 

D. The SyncLock statement should be used 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: For this particular scenario the Interlocked class is ideal because you are required to provide 

atomic and non-blocking updates for a data item. 

Incorrect Answers: 

B: This option should not be used in the scenario because it is used to transfer information to Win32 API 

functions. 

C: This operation should not be used as you will not be providing atomic and non-blocking updates. 

D: This option should not be used as it does not offer atomic operations and offers inferior performance 

compared to the Interlocked class. 

QUESTION 2 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Windows Service application. You are required to synchronize 

execution of some resources across multiple processes. 

What should you do? 

A. 

B. Use the Interlocked class. 

C. Use the Monitor class. 

D. Use the ReaderWriterLock class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The Mutex class can be used for the synchronization of thread execution across multiple 

processes. 

Incorrect Answers: 

B, C, D: The classes in question in these options can not be used in the scenario because they can only be 

used within a single process. 



QUESTION 3 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application that uses the CreateDomain method of the AppDomain 

class to create an application domain. 

You are required to set the following properties for the new application domain: 

* Root directory 

* Location of the configuration file 

* Search path that the Common Language Runtime uses to load the assemblies into the domain 
You must ensure that these properties values are passed to the CreateDomain method. 

What should you do? 

A. Pass an AppDomainFactory object as a parameter to the CreateDomain method. 

B. Pass an AppDomainlsolatedTask object as a parameter to the CreateDomain method. 

C. Pass an AppDomainHelper object as a parameter to the CreateDomain method. 
D. 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The correct method for achieving your scenario objective is to pass an AppDomainSetup object as 

parameter to the CreateDomain method. The AppDomainSetup object is used to allow you to specify the root 

directory and required. 

Incorrect Answers: 

A: This method is used to create a new AppDomain instance for the Web applications and can not be used to 

specify setup information for an application domain. 

B: The method in question here can be used to create build tasks that can be instantiated in their own 

application domain but can not be used to specify setup information. 

C: This method should not be used in the scenario as it switches into the given application domain and does a 

callback on the given function and can not be used to specify setup information. 

QUESTION 4 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 system utility application and are required to write some code that 

allows you to examine assemblies compiled for other platforms of the .NET Framework. You create a new 

application domain and load assemblies into it. 

You are required to ensure that code loaded into this context can be examined but not executed. 

You know the path name of the file containing the assembly but you do not know the name of the assembly. 

What should you do? 

A. 

B. The Assembly. LoadFrom method should be used. 

C. The Assembly. ReflectionOnlyLoad method should be used. 

D. The Assembly. Load method should have been used. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The correct method for what is required would be to use the reflection-only load context because 
this allows you to only examine the assembly and not execute it. 

Incorrect Answers: 



B, D: These methods should not be considered for usage because the methods allow you to execute code and 
create objects. 

C: The method in question should not be considered for usage when you only know the path name to where the 
assembly resides. 

QUESTION 5 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Web application. You need to access the configuration data for the 

application. 

You do not need read-only access to the configuration data whilst your solution provides the maximum 

performance. 

What should you do? 

A. The GetSection method of the Configuration class should be used 

B. The GetSection method of the ConfigurationManager class should be used 

C. The GetSectionGroup method of the Configuration class should be used 

D. The 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The configuration class in question is designed to programmatically access configuration 

information for Web applications. The GetSection static method retrieves the cached configuration information. 

Incorrect Answers: 

A: The method in question does allow programmatic access to all configuration files but it does not cache 

configuration values for the current application. 

B: This should be avoided at all costs as it is best suited for retrieving information for Windows client 

applications. 

C: This method is used to only retrieve specific section groups from the configuration object similar to the 

GetSection method. 

QUESTION 6 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Web application and are busy creating a Configuration object in 

your application that inherits 

settings from the applications' web.config file and machine. config file. 

You modify several of the Configuration objects settings and want to save the Configuration object to a file 

named testconf.config. 

You require only the values that differ from the inherited values to be written to the configuration file. 

What should you do? (Choose two) 

A. The Save method on the Configuration object should be called 

B. The ConfigurationSaveMode.Full value must be passed as a parameter 

C. The ConfigurationSaveMode. Modified value must be passed as a parameter 

D. The 

E. The ConfigurationSaveMode. Minimal value should be passed as a parameter 

Answer: CD 
Section: (none) 



Explanation/Reference: 

Explanation: When you are required to write configuration settings to a different file the SaveAs method should 

be called. If you wish to write only values which differ from inherited values the ConfigurationSaveMode. Minimal 

value should be passed as a parameter. 

Incorrect Answers: 

A: This method is used to have the SaveAs method to save all the values to the configuration file that you 

specified in the scenario. 

B: This method is used to have the SaveAs method to only the modified values to the configuration file that you 

specified in the scenario. 

QUESTION 7 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are in the process of maintaining a .NET Framework 1 .0 Windows application and need to configure the 

application to run using the .NET Framework 1.1. 

The network computers of Certkiller .com all have three versions of .NET Framework (version 1 .0, 1 .1 , and 2.0 

installed side-by-side. 

You are required to modify the application configuration file to target the .NET Framework 1 .1 runtime. 

What should you do? 

A. <configuration> 
<startup> 

<supportedRuntime version="v2.0.50727"/> 
<supportedRuntime version="v1 .1 .4322"/> 
<supportedRuntime version="v1 .0.3705"/> 
</startup> 
</configuration> 

B. <configuration> 
<startup> 

<supportedRuntime version="v1 .1 .4322"/> 
<supportedRuntime version="v1 .0.3705"/> 
</startup> 
</configuration> 

C. <configuration> 
<startup> 

<requiredRuntime version="v1 .1 .4322"/> 

</startup> 

</configuration> 

D. <configuration> 

<Sti 

<supportedRuntime version="v1 .1 .4322"/> 

■^/startuD^' 

</configuration> 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: 

To have your applications run under the required runtime in the scenario you should use the configuration 

section provided in the answer, this is the only correct method. 

Incorrect Answers: 

A: The method you are trying to use hear is incorrect as you would be executing against .NET Framework v2.0. 

B: The method you are trying to use hear is incorrect as you would be executing against .NET Framework v1 .1 . 

C: This method is used to indicate that the application only supports .Net Framework v1 .0 and should not be 

used in the scenario. 



QUESTION 8 

C: The path here is incorrect since you only need point to the Test20 path in the scenario. You work as the 

application developer at Certkiller .com. 

Certkiller .com uses Visual Studio.NET 2005 as its application development platform. 

You are developing a .NET Framework 2.0 application and are busy developing the shared assembly called 

BillSharedObjects which resides in a file 

named BillSharedObjects.dll, upon compiling you store the assembly in the C:\BillSharedObjects\Debug 

directory. 

You do not want the assembly to be repeatedly installed in the global assembly cache while you develop and 

debug. 

You want the application to load the assembly from its current location by .Net Framework when testing whilst 

any changes made to the system not affect 

any other applications that are deployed or will be deployed. 

What should you do? (Choose two) 

A. C:\SharedObjects\Debug must be put in the PATHEXT environment variable 

B. C:\SharedObjects\Debug must be put in the PATH environment variable 

C. C:\SharedObjects\Debug must be put in the DEVPATH environment variable 

D. The following code should be added to the application configuration file: 
<configuration> 

<runtime> 

<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <probing privatePath="c:\SharedObjects 

\Debug"/> 

</assemblyBinding> 

</runtime> 

</conmfiguration> 

E. The following code should be added to the machine configuration file: 
<configuration> 

<runtime> 

<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1 "> <dependantAssembly> 

<assemblyldentity name="BillSharedObjects" 

publicKeyToken="12ac3ab67e0a34b5" 

culture="en-us"/> 

<codeBase version="2. 0.0.0" 

href="BillSharedObjects\Debug"/> 

</dependantAssembly> 

</assemblyBinding> 

</runtime> 

</configuration> 

F. The following code should be added to the machine configuration file: 
<cc 

<runtime> 

<developmentMode developerlnstallation="true"/> 

</runtime> 

</configuration> 

Answer: F 
Section: (none) 

Explanation/Reference: 

Explanation: 

In order for you to achieve the scenario objective you must use the <developmentMode> element and set the 

developerlnstallation attribute to "true" this will let .NET Framework search for assemblies in the DEVPATH 

environment variable. 

Incorrect Answers: 



A, B: This method is incorrect as these environment variables are used by Windows and are not used by .NET 

Framework. 

D, E: The usage of the <codeBase> and <probing> elements are incorrect as the one is useful for specifying 

the search path for private assemblies and the other will affect settings of applications that are already 

deployed. 

QUESTION 9 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 
application development platform. 

You are developing a .NET Framework 2.0 Windows service application that has three distinct Windows 
services. You create a custom installation class named 

BillApplnstaller which derives from the Installer class. 

Within the class you decide to customize installation for each Windows service by using the Servicelnstaller 

objects and add them to the installer collection below: 

Installers .Add(servicelnstallerl) 
Installers .Add(servicelnstaller2) 
Installers .Add(servicelnstaller3) 

You later compile the class and store in a file named BillApplnstaller.dll. You are required to programmatically 
access and install the Windows services in the BillApplnstaller.dll file. 
What should you do? 

A. Use the ManagedlnstallerClass class. 

B. Use the Componentlnstaller class. 

C. Use the InstallContext class. 

D. Use 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The Assemblylnstaller class should be used in the scenario because the Assemblylnstaller class 

is capable of loading available installers in an assembly and install them. 

Incorrect Answers: 

A: This class should not be used in the scenario as this is not for the .NET Framework internal use. 

B: This method is used to install components such as event logs and performance counters and should not be 

used in the scenario. 

C: This class should not be used because by itself the class can not help install the installers in an assembly. 

QUESTION 10 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Remoting application with the name of your class BillType and the 

name of the assembly TestAssembly which will be accessed using the Transmission Control Protocol (TCP) at 

port 1234. 

You are required to expose BillType as a server-activated object for remote access whilst you must use a 

configuration file to register the remote object. 

What should you do? 



A. <configuration> 
<system. runtime. remoting> 
<application> 
<service> 

<activated type = "BillType, TestAssembly"/> 

</service> 

</application> 

</system. runtime. remoting> 

</configuration> 

B. <configuration> 
<system. runtime. remoting> 
<application> 

<client url="tcp://localhost:1 234/BillType.rem"> 

<activated type ="BillType, TestAssembly"/> 

</client> 

</application> 

</system. runtime. remoting> 

</configuration> 

C. <configuration> 
<system. runtime. remoting> 
<ac 

<service> 

<wellknown mode = "Singleton" 

type -'BillType, TestAssembly"objectUri="BillType.rem"/> 

</service> 

</application> 

</system. runtime. remoting> 

</configuration> 

D. <configuration> 
<system. runtime. remoting> 
<application> 

<client> 

<wellknown type="BillType, TestAssembly"url="tcp://localhost:1234/BillType.rem"/> 

</client> 

</application> 

</system. runtime. remoting> 

</configuration> 

Answer: C 

Section: (none) 

Explanation/Reference: 

Explanation: In order to successfully set up an object for remote access the configuration used in the answer is 

the proper method if you want the object to be activated as a server object. 

Incorrect Answers: 

A, B, D: The usage of the <client> element is incorrect as this will be used to configure a program that will 

consume the remote object and in the scenario you must expose an object for remote access. 

QUESTION 11 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application for Certkiller .com. 

You complete the application but as soon as Certkiller .com users attempt to log on to the application the 

application fails. 

You need to have an entry written to the Windows event log. When you look at the event log viewer you want 

the source of the events to be listed as TestApp. 



You are required to create an event source that can be used to write entries to the event log. 
What should you do? 

A. 

EventLDg.CreateEventSource 
End If 

B. EventLog.LogNameFromSourceName("TestApp", "Application") 

C. EventLog.LogNameFromSourceName("TestApp", "Security") 

D. If Not EventLog.SourceExistsfTestApp") Then 
EventLog.CreateEventSource("TestApp", "Security") 
End If 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The code that is used in the answer is the proper code that should be used to create entries into 

the Application event log. 

Incorrect Answers: 

B, C, D: The other methods that are used are not correct because the security log is read-only and furthermore 

the LogNameSourceName method returns the name of an event log for the given event and does not help in 

creating an event source. 

QUESTION 12 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Windows application named TestAnalyzer.exe that will be used to 

monitor the Application event log of the local computer to find if any new events are generated by another 

application named BillNotify.exe which runs on the local computer named Certkiller -WS1 1 . 

Whenever a new event log entry is recorded the application must invoke the applicationl_og_EntryWritten 

method in response. 

You write the code below for the notification of new event log entries: 

Dim applicationLog As EventLog = New Eventl_og("Application", ".") 

AddHandler applicationLog.EntryWritten, 

AddressOf 

applicationLog_EntryWritten 

When you test the application you discover that there are no notifications generated. You are required to ensure 
that you are notified of a new event log entries. 
What should you do? 

A. The 

B. The applicationLog. Log property must be set to BillNotify.exe 

C. The applicatioLogMachineName property must be set to Certkiller -WS1 1 

D. The applicationLog EnableRaisingEvents property must be set to False 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The EnableRaisingEvents property of the applicationLog object must be set to true if you want to 
be notified whenever new entries have been written to the specified event log. 

Incorrect Answers: 



B: This method is incorrect as the Log property should be used to specify the name of the event log. 

C: This is incorrect as this is a redundant operation and the EventLog object is already pointing to Certkiller - 

WS11. 

D: This step is almost what you require but the property of the EnableRaisingEvents should be set to True. 

QUESTION 13 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application that will be used for publishing its own custom 

performance counter. 

You additionally require the value of a performance counter to increase by 5 and must minimize the amount of 

code needed to write. 

What should you do? 

A. Use the NextValue method. 

B. Use the Decrement method. 

C. Use the Increment method. 

D. se the i^^^^^Hlrr 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: To have the value of a counter decreased by the desired amount the best choice of method 

requiring the least amount of code would be the IncrementBy method. 

Incorrect Answers: 

A: This is the code used to return the value of the counter and should not be used in the scenario. 

B: The method is used if you want to have the value decreased and in the scenario an increase is needed. 

C: This method is used to only increase the value of the counter by one and should not be used. 

QUESTION 14 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 Windows application that provides a user interface similar to 

Microsoft Excel and allows users to manage their expenses. 

You recently wrote a wrapper around the expense management application which performs security checks. 

If the users have the sufficient rights the wrapper application launches the expense management application, if 

no sufficient rights the application should be forced to close. 

You must decide which method of the Process class to use. 

What should you do? 

A. 

B. Use the Close method. 

C. Use the Dispose method. 

D. Use the CloseMainWindows method. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: To successfully have an application forcefully close or shutdown the Kill method should be used as 

it forces an immediate termination of the process. 

Incorrect Answers: 

B: This method should not be used as the Close method is used to free resources associated with the 



application process. 

C: This method should not be used in the scenario as it is generally used to implement cleaning of unmanaged 

resources. 

D: This method should not be used as this method requests that the application be closed and we require 
closing the application forcefully. 

QUESTION 15 

You work as an application developer at Certkiller .com. You have just completed 

the creation of an application that receives order data from Certkiller .corn's partner company in XML format. 
The XML has to be utilized to create an Order object that is consumed by the new application. 
The following exhibit displays an example of Certkiller .corn's partner company's XML data: 

<?xml version="1 .0" encoding="utf-8"?> 
Order id="1 01 "> 
<Shipping> 
<lnstructions> 
Come to front door and ring door bell. 
No other options. 
</lnstructions> 
<Address> 
<Street>536 Certkiller Lane</Street> 
<City>Miami</City> 
<State>FL</State> 
<Zip>70536</Zip> 
</Address> 
</Shipping> 

<Date>2006-07-12T00:00:00-04:00</Date> 
<Details> 

<SalesProduct InStock-'true" Taxable="true"> 
<Name>Lounge Suite</Name> 
<Quantity>1 </Quantity> 
<Price>200.00</Price> 
</SalesProduct> 
<Product lnStock="false"> 
<Name>Plasma Television</Name> 
<Quantity>2</Quantity> 
<Price>26.999.00</Price> 
</Product> 
</Details> 
</Order> 

You plan to use the XmlSerializer class to deserialize the XML data into an Order object. 
When you learn that Certkiller .corn's partner company's XML also contains Shipping object data, you decide to 
deserialize the shipping object after the Shipping element is detected during deserialization. 
To achieve this, you need to use a certain event of the XmlSerializer class. 
What event should you use? 

A. UnknownElement 
B. 

C. UnreferencedObject 

D. UnknownAttribute 

Answer: B 
Section: (none) 



Explanation/Reference: 

Explanation: The UnknownNode event is fired when an unexpected element or node is detected that does not 
map to the XmlSerializer object's expected type. The UnknownNode event included the XmlNodeEventArgs, 
which allows access to the entire node of the XML data. This would allow easy deserialization for the Shipping 
object. 

Incorrect Answers: 

A, C, D: These options would not allow easy deserialization for the Shipping object. 

QUESTION 16 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 
application development platform. 

You are developing a .NET Framework 2.0 remoting application. Your computer system relies on run-time type 
validation. 

You are required to deserialize a remote stream by using the BinaryFormatter class in your application whilst 
you configure the BinaryFormatter object 

to protect against any deserialization attacks by deserializing only certain types associated with only the most 
basic remoting functionality. 
What should you do? 

A. The TypeFormat property should be set to FormatterTypeStyle.TypesAlways 

B. The TypeFormat property should be set to FormatterTypeStyle.TypesWhenNeeded 

C. The FilterLevel property should be set to TypeFilterLevel.Full 
D. 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The best choice for you in the scenario would be to use the FilterLevel property of the 
BinaryFormatter object set to TypeFilter.Low which deserializes only the most basic remoting functionality 
helping to protect against deserialization attacks. 

Incorrect Answers: 

A, B: The setting can not be used to set the deserialization of types because it just configures how the types are 

laid out in the deseriliazation stream. 

C: This setting should no be used as you will be deserializing all types and this offers no protection against 

deserialization attacks in the scenario. 



QUESTION 17 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 geographical information system for the company and create a 

class named Certkiller Code. 

You are required to serialize all public and non-public data of the Certkiller Code class whilst you ensure that 

you produce the smallest byte stream 

so that the smallest load is placed upon network resources. 

What should you do? 

A. The XmlSerializationWriter class should be used 

B. The XmlSerializer class should be used 

C. The^^^^^^^^Bclass should be used 

D. The SoapFormatter class should be used 



Answer: C 
Section: (none) 

Explanation/Reference: 

Explanation: To successfully serialize all the public and non-public data you should make use of the 
BinaryFormatter class because in addition the BinaryFormatter class produces the most compact byte stream 
compared to other serialization classes. 

Incorrect Answers: 

A, B: The XmlSerializer class should not be used as this class only serializes public properties and fields and 

the XmlSerializationWriter class is used to controls serialization by using the XmkSerialization class and fails to 

meet requirements. 

D: The SoapFormatter class could be used as it will allow you to serialize public and non-public data but the 

result of the stream will be a verbose and will consume more network resources. 



QUESTION 18 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 financial application and are busy developing a module that backs 

up the critical data on a separate hard drive. 

You are required to decide which properties of the Drivelnfo class to use and find the type of file system like 

FAT or NTFS and the drive free space and 

the user disk quota should be ignored by the application. 

What should you do? 

A. Use 

B. Use the DriveType and AvailableFreeSpace properties of the Drivelnfo class. 

C. Use the VolumeLabel and TotalSize properties of the Drivelnfo class. 

D. Use the DriveType and TotalSize properties of the Drivelnfo class. 

E. Use the DriveFormat and AvailableFreeSpace properties of the Drivelnfo class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The only choice that would work with your requirement is the DriveFormat and TotalFreeSpace 

properties of the Drivelnfo class; this will display what you need. 

Incorrect Answers: 

B: The DriveType property should not be used as it only specifies whether the drive is a DVD ROM or fixed 

drive etc. The AvailableFreeSpace property should also not be used as the user disk quota would be taken into 

account. 

C: The VolumeLabel property should not be used in the scenario as it is used to give a name to the fixed disk. 

The TotalSize property should also not be used as it will specify the entire disk space not just free space. 

D: The DriveType property should not be used as it only specifies whether the drive is a DVD ROM or fixed 

drive etc. 

E: The AvailableFreeSpace property should not be used as the user disk quota would be taken into account. 

QUESTION 19 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 data analysis application. 

You have no information about the inherent structure of a file when it is supplied to the program for reading 

data. 

You are required to read the contents of the file byte-by-byte and make use of a custom algorithm to find its 

format whilst selecting a class 



that allows you to read the files contents byte-by-byte. 
What should you do? 

A. 

B. Use the BinaryReader class. 

C. Use the StreamReader class. 

D. Use the StringReader class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The purpose and function of the FileStream class is to allow the user to be able to view the 

required files byte-by-byte. 

Incorrect Answers: 

B: The BinaryReader class is use full if you know the binary format for the data to read but should not be 

considered for use in the scenario. 

C: This method is use full if you want to read character data in a particular encoding, but is not useful for 

reading any other data. 

D: This class is used for reading text from a string and is not use full for reading any other data. 

QUESTION 20 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 text-processing application. You have access to an array of bytes 

named ckArray that contains your data. 

You are busy writing code that will be used to write the contents of the array to a disk file. 

If you are done with the write operation you also display the contents of the stream on the console to make sure 

that the write operation completes successfully. 

The code segment to read and write from the stream is shown below and the line numbers are reference only: 

01: Using fStream As FileStream = New FileStream("ckFile.txt", FileMode. Create) 

02: For i As Integer = To ckArray. Length 

03: fStream.WriteByte(ckArray(i)) 

04: Next i 

05: 'Add code segment here 

06: For i As Integer = To fStream. Length 

07: Console.WriteLine(fStream.ReadByte()) 

08: Next i 

09: End Using 

You add the appropriate code at line 05 to correctly print the contents of the stream. 
What segment should you add? 

A. fStream. Seek(0, SeekOrigin.End) 

B. fStream. Position = fStream. Length 

C. fStream. Seek(0, SeekOrigin. Current) 
D. 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: Because after every write operation is completed you need to reposition the stream so that you 



can read the contents from the beginning which is done with the statement in the answer, the first parameter 
will specify the offset, the second the reference point for the seek operation and the value SeekOrigin. Begin 
indicates that the reader should be positioned at the beginning of the stream. 

Incorrect Answers: 

A, C: The method in the statement is incorrect because you are referencing the end or the current part of the 

stream which you are trying to manipulate. 

B: This statement should not be used because it sets the current position of the stream to its length effectively 

referencing the end of the stream. 

QUESTION 21 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 banking Windows Forms application and are busy working on a 

function that retrieves the images of cancelled checks and displays them on the from. You currently have 

access to a method that reads the images from Microsoft SQL server as a series of bytes. 

You are required to select a class that allows you to transfer the image from SQL Server to the Windows Forms 

application whilst your solution reduces the need of a temporary buffers and files 

What should you do? 

A. Use 

B. Use the NetworkStream class. 

C. Use the FileStream class. 

D. Use the BufferedStream class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: With the given scenario objective you should use the MemoryStream class which allows you to 

read the image data in memory and stream it to a Windows Forms application without creating any temporary 

buffers or files. 

Incorrect Answers: 

B: There is no connection established directly to the SQL Server database so using this option is out of the 

question. 

C, D: 

The streaming class in question in this option is incorrect because both require the creation of temporary files 

or buffers. 



QUESTION 22 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 graphical analysis application. 

You are about to save a graphical object from the application which is a collection of x and y points, each 

represented by using a single precision floating point number. 

You are required to keep the disk space usage to a minimum by the saved object. 

What should you do? 

A. Use the TextWriter class. 

B. Use the StreamWriter class. 

C. Use the StringWriter class. 

D. se the BinaryWril 

Answer: D 



Section: (none) 

Explanation/Reference: 

Explanation: The BinaryWriter class is used to store data in a binary format, which is used to provide the most 

compact format for storing data among the given classes. 

Incorrect Answers: 

A, B, C: The classes in question all save or store data in the text format, which will require more space than the 

binary format and therefore should not be used in the scenario. 

Explanation: To successfully read the user's preferences you should make use of the IsolatedStorageFile. 

GetUserStoreForAssembly method should be used. The method retrieves assembly-specific and user-specific 

data from the isolated storage. 

Incorrect Answers: 

A: This method should not be used in the scenario as it is designed too retrieve isolated storage that is 

application domain and assembly specific. B, C: The settings in question should not be used because the 

methods are machine-scoped rather than user scoped. 



QUESTION 23 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 
application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 
You are developing a .NET Framework 2.0 application on Certkiller -WS554. You write the following code in the 
application line numbers are for reference only: 

01: Public Function ProcCount() As Integer 

02: Dim envPerm As EnvironmentPermission = _ 

03: New EnvironmentPermission(_ 

04: EnvironmentPermissionAccess.Read, _ 

05: "NUMBER_OF_PROCESSORS") 

06: 'Add code segment here 

07: Return Environment.ProcessorCount 

08: End Function 

The ProcCount method in the code will be used to return the number of processors on the computer running 
the code and the implementation of the method is completely transparent to the callers of the methods. You 
ensured that the ProcCount method has been granted permission to access environment variables and the 
callers to the code may not have permission to access the variables. The classes in the other assemblies are 
required to be able to successfully call the ProcCount method. You must add code at line 06 to override the 
security check whilst you ensure that any code you write does not affect the permissions that your code already 
has. 
What code segment should you add? 

A. envPerm.PermitOnly() 

B. envPerm.Demand() 

C. encPerm.Deny() 
D. 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The envPerm.Assert() method should be used in the scenario because the method allows your 
code and any code that you call to perform actions that your code has permissions to perform however the 
callers may not have permissions to perform. 
Incorrect Answers: 



A: The PermitOnly method should not be used in the scenario because it will result to the same action as 

calling Deny on all permissions other than the permission P and this will affect other permissions. 

B: This method should not be considered for use in the scenario because the Demand method requires all the 

callers to have permissions to perform the specific action. 

C: The Deny method should not be considered for usage in the scenario because the method will explicitly 

cause the Permission P to be denied and you are required to ensure permissions are applied to the code. 

• Diesmal NICHT Demand !!! 



QUESTION 24 

You work as an application developer at Certkiller .com. A fellow developer named Amy Walsh recently created 

an assembly that implements a custom permission set. 

Certkiller .com has asked you to test this assembly. 

You start by copying the assembly to a test server named Certkiller -SR1 5 that has the Microsoft .NET 2.0 

Framework installed. 

You then log on to the Certkiller -SR1 5 as a member of the local Administrators Windows group. 

You run the assembly, and receive a security exception. 

You perform a brief analysis of the security issues involved, and find that the assembly has not been assigned 

the appropriate permissions to run. 

You need to ensure that this assembly runs. 

What should you do? 

A. Use the permview.exe tool to modify the assembly's granted permissions. 

B. Use the sn.exe tool to modify the assembly's granted permissions. 

C. Use the ^^^^^| tool to modify the assembly's granted permissions. 

D. Use the gacutil.exe tool to modify the assembly's granted permissions. 

Answer: C 

Section: (none) 

Explanation/Reference: 

Explanation: The caspol.exe command-line tool allows users to modify security permissions, permission sets, 

and code groups for an assembly at the machine, user, and enterprise policy levels. 

Incorrect Answers: 

A: The permview.exe tool only allows users to view declarative security of an assembly. 

B: The sn.exe tool allows developers to create a strong-named asymmetric key pair for strong-named 

assemblies. 

D: The gacutil.exe tool allows users to manage the contents of the global assembly and download cache. 

QUESTION 25 

You work as an application developer at Certkiller .com. 

Certkiller .com has a test server named Certkiller -SR09 that is frequently used by other Certkiller .com 

developers to test assemblies and applied security policies. 

You have just completed creating an assembly and want to test it on Certkiller -SR09. 

You need to ensure that all security policies on Certkiller -SR09 are reset to their default settings. 

What should you do? 

A. Run the caspol all -rollback command. 

B. Run the 

C. Run the machine all -rollback command. 

D. Run the machine all -reset command. 



Answer: B 
Section: (none) 

Explanation/Reference: 

Explanation: The caspol.exe command-line tool allows users to modify security permissions, permission sets, 

and code groups for an assembly at the machine, user, and enterprise policy levels. The reset switch will set 

the specified security policy or policies back to their default state. The all switch refers to machine, user, and 

enterprise policy levels. 

Incorrect Answers: 

A, C: The rollback switch does not exist for the caspol.exe tool. 

D: This option will not set all security policies back to their default state. 

QUESTION 26 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application and are about to examine the code groups in machine, 

user, and enterprise policies. 

The user security policy file is located in c:\ Certkiller \config\ Certkiller Security.config and belongs to a user 

other than the currently logged on user. 

You are required to use code access security policy tool to inspect the security policy and need the required 

command. 

What should you do? 

A. Run the caspol -customall -resolvegroup "c:\ Certkiller \config\ Certkiller Security.config" command. 

B. Run the caspol -customer "c:\ Certkiller \config\ Certkiller Security.config" -listgroups command. 

C. Run the caspol -customer -resolvegroup "c:\ Certkiller \config\ Certkiller Security.config" command. 

D. F 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: Since the -customall option is used to specify that the command applies to the enterprise, machine 

and custom user policy stored in the 

"c:\ Certkiller \config\ Certkiller Security.config file making this the correct option to use in the scenario. The - 

listgroup option is used to specify the code groups in the specified policies that need to be listed. 

Incorrect Answers: 

A, C: The usage of the -resolvegroup option in the scenario is incorrect because the -resolvegroup option is 

used to show the code groups that the specified user belongs to. 

B: The option in question in this answer should not be used in the scenario because the option is used to 

specify only the code groups of the specified user policy. 

QUESTION 27 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS536 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS536. You create an assembly that 

implements a custom security object. 

The assembly resides in the CKPerm.exe file. The CKPerm.exe references the classes in the BasePerm.exe 

assembly. 

You are required to write a script that will be used to add the assembly to the full trust assembly list of the 

currently logged on user whilst the user 

will never have write access to the machine policy file. 

What should you do? (Choose two) 



A. 

B. Run the ^^^■■■I^H BasePe 

C. Run the caspol -enterprise -addfulltrust BasePerm.exe command. 

D. Run the caspol -enterprise -addfulltrust CKPerm.exe command. 

E. Run the caspol -machine -addfulltrust BasePerm.exe command. 

F. Run the caspol -machine -addfulltrust CKPerm.exe command. 

Answer: AB 
Section: (none) 

Explanation/Reference: 

Explanation: The caspol.exe tool is used to allow you to modify the code access security policy at the user level, 

machine level as well as the enterprise level and using the -addfulltrust option adds an assembly that 

implements a custom security object to a list of fully trusted assemblies. 

Incorrect Answers: 

C, D, E, F: In the event that there is no policy level specified the caspol.exe tool checks 

if the user has write permission to the machine policy file if so the machine level security policy will be used 
other wise the user-level policy will be used. 

QUESTION 28 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS536 as your development computer. 

You are developing a .NET Framework 2.0 application on a Certkiller -WS536. 

You must add a new code group which adds FullTrust permissions to the code originating from www. Certkiller . 

com. 

You are required to use the code access security policy tool (Caspol.exe to add the code group whilst you 

ensure that you only affect the user level policy for the 

user running Caspol.exe 

What should you do? 

A. 

B. Run the caspol -user -addgroup -zone Internet command. 

C. Run the caspol -user -addgroup -url www. Certkiller .com FullTrust command. 

D. Run the caspol -user -addgroup -pub -cert test.cer FullTrust command. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The correct thing to do in the scenario would be to make use of the segment that used -user to 

specify only the user level policy, the -addgroup argument to add a new code group to the code hierarchy and 

the -site argument that targets code that originated only from www. Certkiller .com. 

Incorrect Answers: 

B: This method should not be used in the scenario because it is used to simply add a new code group that is a 

member of the Internet Zone. 

C: This command should not be used in the scenario because it should be used to specify a complete url 

including the protocol like http:// etc. 

D: The command should not be used in the scenario as the method does not specify a Web site and the -pub 

argument is used to identify the software publisher. 

QUESTION 29 



You work as an application developer at Certkiller .com. 

Certkiller .com has been contracted by a local doctor's clinic to develop a client application using Microsoft . 

NET 2.0 that sends patient visit information to a remote server at the clinic's main office. 

This data must be transmitted via a secure network stream because it contains patient protected health 

information (PHI). The data will be sent from a windows application client on the doctor's notebook computer to 

a windows service hosted on a remote server. Both of these applications employ a certificate store for network 

identification. 

You need to create a secure data stream by adding certain classes to the client application. 

What classes should you add? (Choose three) 

A. The MD5CryptoServiceProvider class. 

B. The X509Certificate class. 

C. The NetworkStream class. 
D. 

E. The TcpListener class. 

F. The TcpClient c 

Answer: BDF 
Section: (none) 

Explanation/Reference: 

Explanation: You should use the X509Certificateclass to store the server certificate and encrypt data, the 

SslStream 

class to create a secure channel, and the TcpClient class to establish the connection with the server 

application. 

Incorrect Answers: 

A: Using this option would only hash the data using the MD5 algorithm. 

C: Using this option would not necessarily create a secure channel. 

E: This class is used by the server application. 

QUESTION 30 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application that will be used for transmitting contents over the 

Internet. 

You need to encrypt a data file before transmitting the file. The encryption is required to prevent any spoofing of 

the identity of the publisher of the data file. 

You decide to sign the data using the publisher's private key. You encrypt the data with the publisher's public 

key as well. 

The receiver of the file will use a private key that only he knows to decrypt the data and the receiver has access 

to the publisher's public key also. 

The intended receiver of the file should be able to decrypt the encrypted file after it was received through the 

Internet transmission whilst the receiver should additionally be able to detect if the contents of the data file were 

tampered with. 

What should you do? 

A. The SACrypt class should be used in the scenario 

B. The RijndaeManaged class should be used in the scenario 

C. The SHAICryptoServiceProvider class should be used in the scenario 

D. The SHA1 Managed class should be used in the scenario 

Answer: A 
Section: (none) 



Explanation/Reference: 

Explanation: Since the RSACryptoServiceProvider class implements an asymmetric cryptography algorithm that 
makes use of a set of related keys to encrypt and decrypt data this class is the correct choice in the scenario. 

Incorrect Answers: 

B: This class should not be used in the scenario because the RijndaeManaged class implements a symmetric 

cryptography algorithm that uses a single shared secret key for encrypting and decrypting data. 

C, D: The classes in these two options should not be used in the scenario because the classes both implement 

a hash algorithm that can be used to detect tampering but they can not be used to establish the identity of the 

data file's publisher. 

QUESTION 31 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS536. The application will be used to 

send data over the internet. 

You are required to ensure that the sent data is not modified or tampered with during transmission, the secrecy 

of the data transmission is not considered important. 

You recently decided to implement a hash value for the data by using a secret key and transmit the data along 

with the hash value. 

The receiver of the data should be able to detect whether the data or the hash value has been modified whilst 

the receiver should have access to the secret key that was used for computing the hash value. 

You must additionally ensure that a key sequence of 160 bits should be acceptable. 

What should you do? 

A. The DESCryptoServiceProvider class should be used to encode the data prior to transmission 

B. The HMACMD5 class should be used to encode the data prior to transmission 

C. The MACTripleDES class should be used to encode the data prior to transmission 

D. The V1AC! IHA1 class should be used to encode the data prior to transmission 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The SHA1 has function is used by the HMACSHA1 class to compute a Has-based Message 

Authentication Code (HMAC) and additionally HMAC can be used to check if a message has been modified 

during the transmission. 

Incorrect Answers: 

A: The class should not be considered for use in the scenario because the class is used to encode the data to 

protect and maintain its secrecy. 

B: The class should not be used because the scenario requires a hash sequence of 160 bits and the class only 

provides a hash sequence of 128 bits. 

C: The class should never be considered for use in the scenario because the class uses a secret key of length 

1 6 or 24 bytes whilst producing a hash sequence of 8 bytes. 

QUESTION 32 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS536 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS536. You write the class named 

TestScrapData. 

You are required to configure the TestScrapData class and limit its access to only the code originating from a 



specific Web site, www. Certkiller .com and its subdomains. 

The Web sites will be required to be access using HTTP, HTTPS and the FTP protocols. 

You are required to additionally configure code access permissions for the TestScrapData class 

What should you do? 

A. The should be used in the scenario. 

B. The PublisherldentityPermission class should be used in the scenario. 

C. The ZoneldentityPermission class should be used in the scenario. 

D. The UrlldentityPermission class should be used in the scenario. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: To successfully achieve your scenario objective you must use the SiteldentityPermission class to 

configure code access permissions for the callers from a specific Web site. 

Incorrect Answers: 

B: This class should not be used as it is designed for usage to configure permissions based on the identity of 

the software publisher. 

C: This class should not be used because it is used to configure code access permissions for the zone where 

the code originates and the Internet zone may contain to many Web-sites. 

D: This class should not be considered for use as it is used to configure access permissions for a Uniform 

Resource Locator (URL). 

QUESTION 33 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing a .NET Framework 2.0 application that will be deployed throughout the network on all 

workstations which are all networked as part of a Microsoft Windows domain. 

The application you wrote requires certain permissions in order to run. 

As the domain administrator you configure the enterprise policy to grant the required permissions to the 

application which may be part of one or more code group. 

You must ensure that your application receives the sufficient permissions to run at 

all times whilst you override any policy changes made by the end users that lower the permissions required by 
the application to run. 
What should you do? 

A. 

B. The Exclusive attribute should be applied to the application's code group on the user policy level. 

C. The LevelFinal attribute should be applied to the application's code group on the user policy level. 

D. The Exclusive attribute should be applied to the application's code group on the enterprise policy level. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The FinalLevel attribute should be applied in the scenario to the application's code group on the 

enterprise level as this is the highest level of policy. 

Incorrect Answers: 

B, D: The Exclusive attribute should not be considered in the scenario for usage as the runtime will never grant 

permissions associated with the code group marked with the Exclusive attribute. 

C: This should not be done as you would enable the end users the capability of changing or altering security 

settings that will restrict the applications execution. 



QUESTION 34 

You work as an application developer at Certkiller .com. You are currently creating an application that requires 

role-based security. 

You are planning to utilize a database to store the user accounts and group membership data. You need to 

ensure that users are able to log on and off. 

You also need to ensure that the application you have created tracks the user accounts of these users, and 

restrict or allow access to code based on their group membership. 

You need to achieve this objective with as little developer effort as possible. 

What should you do to implement role-based security? 

A. Inherit from the Genericldentity and GenericPrincipal classes. 

B. Make use of 

C. Implement the lldentity and IPrincipal interfaces. 

D. Make use of Windowsldentity and WindowsPrincipal objects. 

Answer: B 
Section: (none) 

Explanation/Reference: 

Explanation: in this scenario, the Genericldentity and GenericPrincipal objects could be implemented as 

follows: 

Genericldentity curldentity = new Genericldentity ("CurrentUser"); string [] roles = { "Users", "Administrators" }; 

thread. CurrentPrincipal = GenericPrincipal (curldentity, roles); 

This code instantiates a Genericldentity object based upon a user name as a string object, instantiates a string 

array representing the roles to which that user belongs, instantiates a GenericPrincipal object specifying the 

Genericldentity object and string array of roles as arguments, and assigns the new GenericPrincipal object to 

the CurrentPrincipal property of the current thread. By assigning the new principal to the CurrentPrincipal 

property of the current thread, role membership checks can be performed using the IslnRole method Incorrect 

Answers: 

A, C: These options require more developer effort than necessary. 

D: The Windowsldentity and WindowsPrincipal classes are intended for use with windows domain stored 

accounts and groups only. 

QUESTION 35 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS554. 

You are trying to port an old Certkiller .com management application that was written in unmanaged Windows 

code with no COM interfaces. 

The application you are developing makes calls to the old Certkiller .com management unmanaged library 

namedBillPerformance.dll. 

You are required to make a call to the GetPerformaceScore method of the unmanaged Performance.dll library. 

What should you do? 

A. The Type Library Exporter tool (tlbexp.exe) should be used. 

B. The Type Library Importer tool (tlbimp.exe) should be used. 

C. The Assembly Registration tool (regasm.exe) should be used. 

D. The latfo n Invoke (DlllmportAttribut should be used. 

Answer: D 
Section: (none) 



Explanation/Reference: 

Explanation: The feature Platform Invoke is used to allow you to call methods that are in unmanaged libraries 

but you need to declare the unmanaged method in the managed code using the extern and static keywords with 

the Dlllmport attribute which is used to specify the unmanaged library. 

Incorrect Answers: 

A, B, C: The tool should not be considered for usage in the scenario because the unmanaged dll file is not in 

COM and it only processes COM type libraries. 

QUESTION 36 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS554. 

The application's assembly is named Certkiller App and is stored in CertkillerApp.exe. 

You are busy using .NET Framework's Strong Name tool to generate a pair for CertkillerApp.exe shown below: 

Sn.exe -k Certkiller AppKey 

You are required to use the key pair to build the Certkiller App.exe as a strong named assembly. 

What should you do? 

A. The AssemblyKeyFileAttribu class should be used. 

B. The AssemblyDelaySignAttribute class should be used. 

C. The AssemblyConfigurationAttribute class should be used. 

D. The AssemblyKeyNameAttribute should be used. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The Strong name tool is used to allow you to generate and manage keys for the strong name 

signing and by using the -k switch the tool generates a new key pair and stores it in the specified file. So using 

the AssemblyKeyFileAttribute is the correct way to go in the scenario. 

Incorrect Answers: 

B: This class should not be considered for use as it is designed to specify whether or not delayed signing 

should be used. 

C: The class should not be used in the scenario because the class is used to specify a build configuration for an 

assembly. 

D: 

This class should not be used in the scenario because it is used to specify the name of a key container that 

should be used. 



QUESTION 37 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 

You are developing a .NET Framework 2.0 application on Certkiller -WS554. The application will allow Certkiller 

.com users to send e-mails. 

The Certkiller .com users must be able to send e-mail containing information like budget documents and 

images. 

You decide to use the .NET Framework 2.0 Attachment class to create the e-mail attachments within your 

application. 

You are required to specify the content in an attachment by using the attachment class constructors. 

What should you do? (Choose two) 



A. The should be used. 



B. The should be used. 

C. The Image object attachment class should be used. 

D. The XmlDocument object attachment class should be used. 

E. The SqIDataReader object attachment class should be used. 

Answer: AB 
Section: (none) 

Explanation/Reference: 

Explanation: In the scenario the Attachment constructors allow you to create attachments from a filename, a 

String object, or a Stream object. 

Incorrect Answers: 

C: This method is incorrect and should not be used in the scenario because the Image object Attachment class 

cannot directly use an Image object. 

D: This method is incorrect and should not be used in the scenario because the XmlDocument Attachment 

class cannot directly use an XmlDocument object. 

E: This method is incorrect and should not be used in the scenario because the SqIDataReader Attachment 

class cannot directly make use of a SqIDataReader object. 

QUESTION 38 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You use a Windwos XP Professional client computer named Certkiller -WS554 as your development computer. 

You are developing a .NET Framework 2.0 application on a Certkiller -WS554. 

The application will be used globally and must be able to represent characters in the following languages: 

English, Chinese Traditional, Hebrew and Tamil. 

Your application is required to provide error detection for invalid sequences of characters whilst your application 

must also optimize storage. 

What should you do? 

A. Encode the characters in your application using the 

B. Encode the characters in your application using the UTF7Encoding class. 

C. Encode the characters in your application using the UTF32Encoding class. 

D. Encode the characters in your application using the UTF16Encoding class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: To successfully enable error detection and make the class instance more secure you should make 

use of the UTF8Encoding class in the scenario. 

Incorrect Answers: 

B: The Encoding class used in this option UTF7Encoding does not provide any error detection and should not 

be used in the scenario. 

C, D: The Encoding classes in these options should not be used in the scenario because the UTF16Encoding 

class represents each character as a sequence of one to two 16-bit integers and the UTF32Encoding 

represents each code point as a 32-bit integer. 

QUESTION 39 

You work as the application developer at Certkiller .com. To get information on a specific method named 

myMethod, you use Reflection. 

You need to find out if myMethod can be accessed from a derived class. 

Which of the following properties should you call from the myMethod class? 



A. Call the IsAssembly property. 

B. Call the IsVirtual property. 

C. Call the IsStatic property. 
D. 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: The IsFamily property determines whether the method is accessible onlsecy to the class and 

descendant classes. 

IsAssembly determines accessibility from within the assembly. 

IsVirtual indicates whether the method is virtual. 

IsStatic indicates whether the method is static. 



QUESTION 40 

You work as the application developer at Certkiller .com. You create a new class that uses unmanaged 

resources, but which still has references to managed resources on other objects. 

You want users of the new class to be able to explicitly release resources when the class instance is no longer 

required. 

What should you do next? 

Choose the three actions which you should perform. Each correct answer presents only part of the complete 

solution. 

A. Define the existing class so that it inherits from the WeakReference class. 

B. Define the existing class so that 

C. Create a new class destructor which calls methods on other objects to release the managed resources. 
D. 

E. Create a new Dispose method that calls System. GC. Collect to force garbage collection. 

F. Create a new Dispose method that 
objects to release the managed resources. 

Answer: BDF 
Section: (none) 

Explanation/Reference: 

Explanation: 

It is necessary to implement the Disposable interface if you need to release unmanaged resources or want 

explicit control of the life of managed resources. A class destructor should be created to release the 

unmanaged resources and this should be called from within the Dispose method. The dispose method should 

also release the managed resources. 

Inheriting from WeakReference would result in the garbage collector releasing resources even though there 

may be valid references. 

The managed resources should be released in the Dispose method. System. GC. Collect could be used, 

however it is more efficient to manually release the managed resources. The GC incurs overhead and may 

have only recently been called anyway. The question states resources should be released explicitly. 

QUESTION 41 

You work as the application developer at Certkiller .com. You are developing a debug build of an existing 

application. 

You want to locate a specific line of code which resulted in the exception occurring. 

Choose the property of the Exception class that you should use to accomplish the task. 



A. Data property 

B. Message property 
C. 

D. Source property 

Answer: C 
Section: (none) 

Explanation/Reference: 

Explanation: The StackTrace property provides a listing of the current call stack. 

Information such as the method calls and line numbers are shown. Data will return additional user-defined 
information about the exception Message describes the current exception but will not give details about the 
source code line number. 
Source represents the name of the application or object that caused the error. 

QUESTION 42 

You work as the application developer at Certkiller .com. 

You need to modify the code of an application. 

The application uses two threads named thread A and thread B. You want thread B to complete executing 

before thread A starts executing. 

How will you accomplish the task? 

A. Define thread A to run at a lower priority. 

B. Define thread B to run at a higher priority. 

C. Implement the Wai delegate to synchronize the threads. 

D. Call the Sleep method of thread A. 

E. Call the SpinLock method of thread A. 

Answer: C 

Section: (none) 

Explanation/Reference: 

Explanation: 

Note: Some confusion why the answer is C. Using the ThreadPool and WaitCallBack will not synchronise the 

threads, they will run in the background in parallel 

QUESTION 43 

You work as the application developer at Certkiller .com. 

You are developing a new application named Certkiller App12. 

Certkiller App1 2 must be configured to receive events asynchronously. 

You define two instances named WqlEventQuery and ManagementEventWatcher respectively. 

WqlEventQuery will list those events and event conditions for which Certkiller App1 2 should respond. 

ManagementEventWatcher will subscribe to all events matching the query. 

Which two additional actions should you still perform to enable Certkiller App1 2 to receive events 

asynchronously? 

Choose two correct answers. Each answer presents only part of the complete solution. 

A. to start listening for events. 

B. To configure a listener for events, 

C. To wait for the events, use the WaitFor NextEvent method of the ManagementEventWatcher. 

D. Create an event handler class that contains a method which receives an ObjectReadyEventArgs parameter. 



E. Use the Stopped event of the ManagementEventWatcher to configure a listener for events. 

Answer: AB 
Section: (none) 

Explanation/Reference: 

Explanation: The ManagementEventWatcher will not start to listen (hence the app cannot respond to Async 
messages) until the start method is called. Once the ManagementEventWatcher is listening it will trigger an 
EventArrived event every time an event occurs that matches the query. You should provide a listener for the 
EventArrived event to perform any custom handling. 

WaitForNextEvent method is synchronous i.e the current thread will wait until a matching event occurs 
ObjectReadyEventArgs holds data for the ObjectReadyEvent. The Stopped event is triggered when the 
ManagmentEventWatcher cancels it's subscription i.e is no longer interested in receiving notification of events. 

QUESTION 44 

You work as the application developer at Certkiller .com. 

You are working on an application and want to use platform invoke services to call an unmanaged function from 

managed code. 

How will you accomplish the task? 

A. 

B. Use COM to register the assembly. Reference the managed code from COM. 

C. Export a type library for the managed code. 

D. Import a type library as an assembly. Create instances of COM object. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: It is good practice to wrap the messy P-lnvoke code with a .net class. The main benefit is to keep 
the client code tidy as the messy and cryptic code will be hidden away. Also better for maintenance e.g dll name 
or version changes. The question explicitly says the unmanaged code should be called with platform invoke 
services. lmporting\exporting a type library is relevant for interoperation with COM. 

QUESTION 45 

You work as the application developer at Certkiller .com. You are working on an application named Certkiller 

App11. 

Certkiller App1 1 must be configured to execute a series of mathematical computations simultaneously. 

What should you do next to configure Certkiller App1 1 to execute a series of mathematical computations 

simultaneously? 

A. Configure the IdealProcessor property of the ProcessThread object. 

B. Configure the ProcessorAffinity property of the ProcessThread object. 

C. of the ThreadPool class for each calculation which should be 
performed by Certkiller App1 1 . 

D. Configure the Process. GetCurrentProcess().BasePriority property to be High. 

Answer: C 
Section: (none) 

Explanation/Reference: 

Explanation: The ThreadPool class allows background tasks to run in parallel hence calculations can be 
queued to run as soon as a ThreadPool Worker thread becomes available. Because the ThreadPool can 



manage many worker threads, calculations will run in parallel. 

ProcessThread.ldealProcessor requests a preferred processor for the thread to run on, it will not however 

spawn a new thread - which is what is required here to enable concurrency. 

ProcessorAffinity gets or sets the processors that this thread can be scheduled to run on. Process. BasePriority 

gets the base priority of the process. 

QUESTION 46 

You work as the application developer at Certkiller .com. 

You are developing a strong-named assembly named Certkiller Ass3. 

Certkiller Ass3 will be used by multiple applications. 

You plan to frequently rebuild Certkiller Ass3 during the development lifecycle. 

Whenever Certkiller Ass3 is rebuilt, you must ensure that it works as expected with all applications that will use 

it. 

You must configure the computer that you are using to create Certkiller Ass3 so that all applications reference 

the latest build of Certkiller Ass3. 

Choose the two actions which you should perform to achieve your goal. 

Each correct answer presents only part of the complete solution. 

A. sr Ass3. 

B. I iclud 



C. Include this XML element in the computer configuration file: 
<dependentAssembly> 

<assemblyldentity name-' Certkiller Ass3" 
publicKeyToken="32ab4ba45e0a69a1" 
language="en-US" version-'*.*.*.*" /> 
<publisherPolicy apply="no" /> 
</dependentAssembly> 

D. Include this XML element in the configuration file of each application that must use Certkiller Ass3: 
<supportedRuntime version-'*. *.*.*" /> 

E. Include this XML element in the configuration file of each application that must use Certkiller Ass3: 
<dependentAssembly> 

<assemblyldentity name-' Certkiller Ass3" 
publicKeyToken="32ab4ba45e0a69a1" 
language="en-US" version-'*.*.*.*" /> 
<bindingRedirect newVersion-'*. *.*.*"/> 
</dependentAssembly> 

Answer: AB 
Section: (none) 

Explanation/Reference: 

Explanation: The developmentmode element in the machine configuration file tells the .net runtime to locate the 

assembly by using the DevPath environment variable. The SupportedRuntime element specifies which .net 

runtime versions the assembly supports. 

The DependentAssembly element is used to encapsulate the binding policy and assembly location for each 

assembly. 

QUESTION 47 

You work as the application developer at Certkiller .com. 

You are writing a method that will run through the credentials of the end user. Microsoft Windows groups must 

be used to authorize the user. 

You must develop the code segment which will recognize if the user exists in the local group named Sales. 

Choose the code segment that will do this. 



A. Windowsldentity currentUser = Windowsldentity.GetCurrent(); 
foreach (IdentityReference grp in currentUser.Groups) { 

NTAccount grpAccount = ((NTAccount)grp.Translate(typeof(NTAccount))); 
isAuthorized = grpAccount.Value.Equals(Environment.MachineName + @"\Sales"); 
if (isAuthorized) break; 
} 

B. WindowsPrincipal currentUser = Thread. CurrentPrincipal; 
isAuthorized = currentUser.lslnRole 

C. GenericPrincipal currentUser = (GenericPrincipal) Thread. CurrentPrincipal; 
isAuthorized = currentUser.lslnRole("Sales"); 

D. WindowsPrincipal currentUser = (WindowsPrincipal)Thread. CurrentPrincipal; 
isAuthorized = currentUser.lslnRole(Environment.MachineName); 

Answer: B 
Section: (none) 

Explanation/Reference: 

Explanation: To check the role membership of the current Windows user, user the lslnRole() method of the 
WindowsPrincipal in the current thread. A it is a lot more complicated to iterate through all the groups the user 
belongs to and checking for matches. The Principal classes are for this very purposes and should be used. 
C uses GenericPrincipal. WindowsPrincipal should be used for windows accounts. There is an invalid cast from 
WindowsPrincipal to GenericPrincipal. 
D does not specify the group correctly. 

QUESTION 48 

You work as the application developer at Certkiller .com. 

You are developing a new application named Certkiller App06. 

Certkiller App06 will be used to transmit confidential financial information over the network. 

To secure the confidential data, you create an X509 Certificate object named certificate and create a TcpClient 

object named client. 

You must now create the code segment that creates an SslStream for communication by applying the 

Transport Layer Security 1 .0 protocol. 

Choose the code segment which you should use. 

A. SslStream ssl = new SslStream(client.GetStream()); 
ssl.AuthenticateAsServer( 

certificate, false, SslProtocols.None, true); 

B. SslStream ssl = new SslStream(client.GetStream()); 
ssl.AuthenticateAsServer( 

certificate, false, SslProtocols.Ssl3, true); 

C. SslStream ssl = new SslStream(client.GetStream()); 
ssl.AuthenticateAsServer( 

certificate, false, SslProtocols.Ssl2, true); 

D. SslStream ssl = new SslStream(client.GetStream()); 
ssl.AuthenticateAsServer( 

certificate, false, 

Answer: D 
Section: (none) 

Explanation/Reference: 



QUESTION 49 



You work as the application developer at Certkiller .com. 

You are developing a new method that must encrypt confidential data. 

The method must use the Data Encryption Standard (DES) algorithm. Your new method takes these 

parameters: 

1 . A byte array, named message, that must be encrypted by applying the DES algorithm. 

2. A key, named key, which will be used to encrypt the data. 

3. The initialization vector, named iv. 

Once the data is encrypted, it must be added to the MemoryStream object. 

Choose the code segment which will encrypt the specified data and add it to the MemoryStream object. 

A. DES des = new DESCryptoServiceProvider(); 
doo. Bl ockS i zo = moooago.Longth; 
ICryptoTransform crypto = des.CreateEncryptor(key, iv); 
MemoryStream cipherStream = new MemoryStream(); 

CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode. Write); 
cryptoStream.Write(message, 0, message. Length); 

B. DES des = new DESCryptoServiceProvider(); 
ICryptoTransform crypto = des.CreateDecryptor(key, iv); 
MemoryStream cipherStream = new MemoryStream(); 

CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode. Write); 
cryptoStream. Write(message, 0, message. Length); 

C. DES des = new DESCryptoServiceProvider(); 
ICryptoTransform crypto = des.CreateEncryptor(); 
MemoryStream cipherStream = new MemoryStream(); 

CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode. Write); 
cryptoStream. Write(message, 0, message. Length); 

D. jES des — new DESCrypi DServiceProvider(); 
ICryptoTransform crypto = des.CreateEncryptor(key, iv); 
MemoryStream cipherStream = new MemoryStream(); 

CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode. Write); 
cryptoStream. Write(message, 0, message. Length); 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: Use the DesCryptoServiceProvider to create a new encryptor.Create a CryptoStream that encrypt 

directly to the MemoryStream and call the Write() method to perform the encryption. 

A Uses a blocksize set to size of the entire message 

B creates a decryptor instead of an encryptor. 

C does not initialize the encryptor with the key and iv correctly. 

QUESTION 50 

You work as the application developer at Certkiller .com. 

You have to create a new security policy for an application domain which must enforce the new Certkiller .com 

security policy. 

You write the code segment to do this: 

PolicyLevel policy = PolicyLevel.CreateAppDomainLevel(); 

PolicyStatement noTrustStatement =new PolicyStatement(policy.GetNamedPermissionSet("Nothing")); 

PolicyStatement fullTrustStatement = 

new PolicyStatement( 

policy. GetNamedPermissionSet("FullTrust")); 



You must now ensure that all loaded assemblies default to the Nothing permission set. 

In addition to this, when an assembly comes from a trusted zone, your security policy must grant the assembly 

the FullTrust permission set. You must create the code groups to do this. 

Choose the code segment which will achieve this objective. 

A. CodeGroup groupl = new FirstMatchCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), 
fullTrustStatement); 

CodeGroup group2 = new UnionCoderoup( 
new AIIMembershipCondition(), 
noTrustStatement); 
groupl .AddChild(group2); 

B. | = new FirstMatchCodeGroup(new .noTrustStatement); 

= new UnionCodeGroup( 
newZoneMembershipCondition(SecurityZone.Trusted), 
fullTrustStatement); 
groupl .AddChild(group2); 

C. CodeGroup group = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), 
fullTrustStatement); 

D. CodeGroup group = new FirstMatchCodeGroup(new AIIMembershipCondition(), noTrustStatement); 

Answer: B 
Section: (none) 

Explanation/Reference: 



QUESTION 51 

You are writing a method that accepts a string parameter named message. 

Your method must break the message parameter into individual lines of text and pass each line to a second 

method named Process. 

Which code segment should you use? 

A. StringReader reader = new StringReader(message); 
Process(reader.ReadToEnd()); 
reader.Close(); 

B. StringReader reader = new StringReader(message); 
while (reader.Peek() != -1) { 

string line = reader.Read().ToString(); 
Process(line); 

} 
reader.Close(); 

C. StringReader reader = new StringReader(message); 
Process(reader.ToString()); 

reader.Close(); 

D. StringReader reader = new StringReader(message); 
while (reader.Peek() != -1) { 
Process(reader.ReadLine()); 

} 
reader.Close(); 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: StringReader.ReadLine() allows for lines to be read line by line. 



A ReadToEnd() will read the entire stream. 

B Read() will not read the line but only the next character. 

C will not read from the message but will just give a string representation of the reader. 

• ReadLine !!! 



QUESTION 52 

you have recently written the code shown below: 

Hashtable emailAddresses = new Hashtable (); 
emailAddresses.Add ("Mia", "mia@ Certkiller .com"); 
emailAddresses.Add ("Andy", "andy@ Certkiller .com"); 
emailAddresses.Add ("Kara", "kara@ Certkiller .com"); 

You need to ensure that these e-mail addresses are stored in the Email.dat file so that you can load them again 
when the user restarts the application. 
What should you do? 

A. Add the following code: 

FileStream stream = new FileStream ("Email.dat", FileMode. Create); 
BinaryFormatter formatter = new BinaryFormatter (); 
formatter.Deserialize(stream, emailAddresses); 

B. Add the following code: 

FileStream stream = new FileStream ("Email.dat", FileMode. Create); 

formatter. (stream, emailAddresses); 

C. Add the following code: 

FileStream stream = new FileStream ("Email.dat", FileMode. Create); 
stream. Serialize(emailAddresses); 

D. Add the following code: 

FileStream stream = new FileStream ("Email.dat", FileMode. Create); 
stream. WriteObject(emailAddresses); 

Answer: B 
Section: (none) 

Explanation/Reference: 

This code instantiates a file stream, instantiates a BinaryFormatter object, and serializes the emailAddresses 
object to the Email.dat file. The FileStream constructor takes a file path string and FileMode enumeration as 
arguments. The Serialize method of the BinaryFormatter class takes two arguments, a stream and the object to 
be serialized. 
The Serialize method uses the stream to write the object to the destination. 

Incorrect Answers: 

A: You should not add the code that invokes the Deserialize method of the BinaryFormatter class because you 

must serialize the object first. C D: You should not add the code fragments that do not instantiate the 

BinaryFormatter object 

because the WriteObject and Serialize methods do not exist in the FileStream class. 

■ Achtung die Frage meint Serialisierung und nicht Kontrolle mit Deserialisierung • dann ist es einfach oder !!! 
QUESTION 53 



Certkiller .com has a file server named Certkiller -SR07 that stores old inventory files. Certkiller .com has given 

you the task of creating an application to archive these old inventory files. 

The inventory files have to be compressed prior to being uploaded to Certkiller .corn's Web server. 

You are currently writing a method that will receive a byte array and compress it into a new file. 

You need to ensure that a data corruption check takes place during the decompression process. 

What should you do? 

A. Use the following code: 

public void CompressFileWrite(string file, byte[] data){ 

FileStream fs = new FileStream(file, FileMode. Create); 

DeflateStream cs = new DeflateStream( fs, Compressionmode. Compress, true); 

cs. Write (data, 0, data. Length); 

cs.Close(); 

} 

B. Use the following code: 

public void CompressFileWrite(string file, byte[] data){ 

FileStream fs = new FileStream (file, FileMode. Create); 

GZipStream cs = new GZipStream( fs, Compressionmode. Compress, true); 

cs. Compress (data, 0, data. Length); 

cs. Close (); 

} 

C. Use the following code: 

public void CompressFileWrite(string file, byte[] data){ 

FileStream fs = new FileStream(file, FileMode. Create); 

DeflateStream cs = new DeflateStream( fs, Compressionmode. Compress, true); 

cs.Compress(data, 0, data. Length); 

cs. Close (); 

} 

D. Use the following code: 

public void CompressFileWrite (string file, byte[] data){ 

FileStream fs = new FileStream(file, FileMode. Create); 

GZipStream cs = new GZipStream( fs, Compressionmode. Compress, true); 

cs.Write(data, 0, data. Length); 

cs.Close(); 

} 

Answer: D 
Section: (none) 

Explanation/Reference: 

Explanation: 

Incorrect Answers: 

A, B, C: You should not use the code fragments that specify the DeflateStream class because this data format 

does not ensure that a data corruption check occurs during decompression. You should also not use the code 

that invokes the Compress method because no such method exists in the GZipStream or the DeflateStream 

classes. 

■ GZIP HAT data corruption check 

■ CompressionMode. Decompress bzw. CompressionMode. Compress • Read-Methode bzw. Write-Methode 

QUESTION 54 

You work as the application developer at Certkiller .com. Certkiller .com uses Visual Studio.NET 2005 as its 

application development platform. 

You are developing an application that will be used to connect and control the behavior of existing services 

installed on a network server named Certkiller -SR01 . 

What should you do? 



A. Use the properties of the class. 

B. Use the Site property of the ServiceController class. 

C. Use the Site property of the Servicelnstaller class. 

D. Use the ServiceName and DisplayName properties of the Servicelnstaller class. 

Answer: A 
Section: (none) 

Explanation/Reference: 

Explanation: The proper way to connect and control the behavior of existing services is by using the 

ServiceController class after which you are required to set two properties on it to identify the service to interact 

with. The MachineName property is used to define the computer Certkiller -SR01 . 

Incorrect Answers: 

B, C: The Site property of the ServiceController and Servicelnstaller class should not be used because they 

bind a component to a container and enables communication between them. 

D: This property should not be used as it is meant to specify the name of the service at the time of installation. 

The DisplayName property is used to specify the friendly name of the service at the time of installation. 



